02-06-2007 07:06 AM
Do special chars such as $ or ! present a problem for CiscoWorks LMS 2.2 (RME 3.5)? After Export to File as csv, I see ! is used internally by CWK in "!{[NOVALUE]}!" and the $ sign is escaped like this: "\$". Do these special chars get presented correctly to TACACS, or is Cisco Secure ACS having trouble with them too?
02-06-2007 07:54 AM
Not sure abou ACS, but LMS usually does't like special characters like $, !, or @ in its passwords or comm strings. Its better to stick to alpha-numeric.
02-06-2007 09:13 AM
Is there any way to turn on debug to see how exactly RME NetConfig is conversing with the device? I have another NetConfig job that claims it couldn't get the telnet prompt, even though I got the prompt fine telnetting to it manually.
02-06-2007 10:40 AM
You can enable debugging for Netconfig - Netconfig Client under Loglevel settings and then have a look at the netcnofigclient.log.
A packet capture while the netconfig job is running is also a useful tool
If it can't get the telnet prompt then it won't even attempt to send a password and will timeout.
Are your telnet prompts custom or do they have any whitespace like:
Username :
02-06-2007 10:45 AM
I'm running LMS 2.2 RME 3.5 here. I believe those debug options/logfile are for LMS 2.5 or higher. I think there's a config file that needs to be modified for debug in LMS 2.2. Is this correct?
The telnet prompt is the default, I believe:
cat6509idf>
This prompt problem only happens with the two CatOS devices attempted.
02-06-2007 11:53 AM
Yup, getting rid of the ! and $ got CWK auth'ing to TACACS successfully again.
Still need to figure out the telnet prompt issue though.
02-06-2007 07:07 PM
To enable debugs for RME 3.5 do the following:
Turning on the debugs :
-----------------------
* ConfigArchive (Used by NetConfig to view device configurations)
Change the DebugLevel parameter to 5 in
\cscopx\www\classpath\com\cisco\nm\config\archive\config.properties
Edit the config.properties file to read DEBUG_LEVEL=5
* NetConfig, MakerChecker, ConfigCategory:
Change the DebugLevel parameter in
\cscopx\www\classpath\com\cisco\nm\cmf\debug.properties
Just change the line "NetConfig=1" to "NetConfig=5".
* Change the CDLDebugLevel parameter to 5 in
\CSCOpx\www\classpath\com\cisco\nm\config\cjm\downloader\downloader.properti
es
CDLDebugLevel=1 to CDLDebugLevel=5
Restart the ChangeAudit & JRunProxyServer processes
You will need to restart/refresh the browser window before running the
NetConfig job. Now run the NetConfig Job
Look at the following log files for info:
1) ..\CSCOpx\lib\jrun\jsm-cw2000\logs\stdout.log
2) ..\CSCOpx\lib\jrun\jsm-cw2000\logs\stderr.log
NetConfig jobs logs as well
3) ../CSCOpx/files/jobs/config/
Remember to turn off debugs
02-07-2007 08:23 AM
It doesn't seem like JRunProxyServer can be stopped/started. It does not appear in the dropdown list of processes in Stop Process, although I do see it running in Process Status.
02-07-2007 08:53 AM
Well, I tricked the JRunProxyServer into restarting by updating a few CiscoView device support packages.
But... NetConfig whines in the /var/adm/CSCOpx/files/jobs/config/
CDL:writeResultsToFile: /var/adm/CSCOpx/files/jobs/config/1104/results.20070207113503.txt with error: Job failed: Error: PGM_NM=Configuration Archive:6413:TYPE=unassigned message type::Change Audit process not running.
Cause: PGM_NM=Configuration Archive:6414:TYPE=unassigned message type::The Change Audit process has to be running to do the operation.
Action: Start the Change Audit process.
CDL:writeResultsToFile: got resultsFile
CDL:writeResultsToFile: num of devices: 2
CDL:writeResultsToFile: currDeviceIdx = 0
CDL:writeResultsToFile: currDeviceIdx = 1
CDL:writeResultsToFile: Wrote Results file
CDL:doEncaseLogging: Finished Downloading Job 1104: EDT-CATOS test (Owner=admin)
NMCS:Inserted row #176869 into CAS_LOG
***********************
I had forgotten to restart ChangeAudit before running a previous NetConfig job, but I had started ChangeAudit before running this particular job. I verified it's running.
In NetConfig Job Details, I find one device was updated successfully (which also failed with the telnet prompt yesterday), another one failed again, not because of ChangeAudit not running or telnet prompt:
*****************************8
<<< Update Failed (1) >>>
*** Device Details for cat6509idf1***Transport==>Telnet***
Device failed during update.
===> Update Result: failed
Error: PGM_NM=Configuration Archive:6377:TYPE=unassigned message type::Resource /var/adm/CSCOpx/files/archive/config/831/20070206113037running.cfg was checked by another user under application Function Id:302 - Config Editor
Cause: PGM_NM=Configuration Archive:6378:TYPE=unassigned message type::The resource was already checked out.
Action: Only one user can checkout a resource.
Error: PGM_NM=Configuration Archive:6377:TYPE=unassigned message type::Resource /var/adm/CSCOpx/files/archive/config/831/20070206113037running.cfg was checked by another user under application Function Id:302 - Config Editor
Cause: PGM_NM=Configuration Archive:6378:TYPE=unassigned message type::The resource was already checked out.
Action: Only one user can checkout a resource.
- CLI Output -
Seems it's because I had tried to have Config Editor update this switch's config yesterday. I don't see any obvious way to release the "checkout" on this switch. Several earlier NetConfig jobs against this switch failed with the same error.
/opt/CSCOpx/objects/jrun/jsm-cw2000/logs/stdout.log is full of Java exceptions about the SMTP server.
The last entry in /opt/CSCOpx/objects/jrun/jsm-cw2000/logs/stderr.log is from 9/1/2005.
02-07-2007 12:35 PM
I found the List Checked out Files option but Undo Checkout just closed the window without unlocking the devices.
02-07-2007 12:55 AM
even cisco acs also doesn't accept those special charecters, because i have cisco acs 4.1 installed in organization.
02-07-2007 05:53 AM
That's interesting. I was able to log in to the TACACS-enabled devices manually using those passwords with ! and $ in them. We have some version of Cisco Secure 3.x.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: